domainaware / checkdmarc

A parser for SPF and DMARC DNS records
https://domainaware.github.io/checkdmarc
Apache License 2.0

DMARC fo=0:1; is valid #71

Closed dodge107 closed 1 year ago

dodge107 commented 3 years ago

We have a record that has the following:

fo=0:1:d:s;

This causes DMARC to be invalid:

"error" : "fo DMARC tag options 0 and 1 are mutually exclusive"

From the RFC, this is valid; you just want all permutations of the report:

0: Generate a DMARC failure report if all underlying authentication mechanisms fail to produce an aligned "pass" result.

1: Generate a DMARC failure report if any underlying authentication mechanism produced something other than an aligned "pass" result.

Kagee commented 3 years ago

While I concur that the RFC appears not to exclude both 0 and 1, as I read them, if you have 1, setting 0 will not give you any more reports, as a report that has all non-pass will match the any non-pass of the 1 setting?
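
An added example, not checkdmarc's own code: a small `fo` parser that follows the RFC 7489 grammar (one or more of `0`, `1`, `d`, `s`, colon-separated), accepts the record from this issue, and reports `0` combined with `1` as a redundancy warning instead of an error. The function name `parse_fo` and the warning wording are assumptions made for illustration.

```python
# Option characters the RFC 7489 grammar allows in the fo tag.
FO_OPTIONS = ("0", "1", "d", "s")


def parse_fo(tag):
    """Parse an fo tag such as "fo=0:1:d:s;" into (options, warnings).

    ValueError is raised only when the tag does not fit the grammar.
    Combinations that are legal but add nothing become warnings.
    """
    name, sep, value = tag.strip().rstrip(";").partition("=")
    if not sep or name.strip().lower() != "fo":
        raise ValueError(f"not an fo tag: {tag!r}")

    options, warnings = [], []
    for raw in value.split(":"):
        # ABNF literals are case-insensitive; whitespace around ":" is allowed.
        opt = raw.strip().lower()
        if opt not in FO_OPTIONS:
            raise ValueError(f"invalid fo option {opt!r} in {tag!r}")
        if opt in options:
            warnings.append(f"fo option {opt} is listed more than once")
            continue
        options.append(opt)

    # "All mechanisms failed" (0) implies "any mechanism failed" (1),
    # so listing both is valid but yields no reports beyond what 1 gives.
    if "0" in options and "1" in options:
        warnings.append("fo options 0 and 1 are both set; 0 is redundant")
    return options, warnings


if __name__ == "__main__":
    # Constructed sample inputs; the first is the value quoted in the issue.
    for sample in ("fo=0:1:d:s;", "fo=1", "fo = d : s", "fo=0:2"):
        try:
            print(sample, "->", parse_fo(sample))
        except ValueError as exc:
            print(sample, "-> error:", exc)
```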